Imagine that you are responsible for web infrastructure security. Your job is to protect a website, application or API. Maybe you are not an expert in the field and you don’t know what LFI (Local File Inclusion) is, but we are sure you have heard something about XSS (Cross-Site Scripting) or the most popular attack, SQL Injection. What do you do? You download a free WAF or buy Cloudflare and the problem is solved. Now you are safe. Well, not really…

After typing Web Application Firewall into Google you will find tens of companies offering different WAF solutions. Some of them you can download for free, some you have to pay for, and some are a bit more expensive. Providers say that all of them provide security against the threats listed in the OWASP (Open Web Application Security Project) Top 10, so all of them provide the same protection. That’s not true. The difference in security offering is huge. Let us explain...

Let’s start from the beginning. Where do generic WAFs come from? The majority of them are based on ModSecurity, which is an open source project under the Apache 2.0 licence. This solution was designed in 2002 to monitor HTTP traffic on Apache and other servers. ModSecurity is based on the Core Rule Set designed by the OWASP project. Now let’s get to the details.

The rule sets are built from thousands of signatures and formulas. These perform simple pattern matching and expression comparisons in order to detect attacks like SQLi and XSS or other application attacks. What is the problem with this approach? This technology requires lots of attention and manual work. IT departments have to constantly monitor whether particular rules function properly: they need to modify them, add new ones, and delete those which start blocking legitimate users and cause false positives.

These days many services that deliver CDN (Content Delivery Network) solutions, like Cloudflare, Fastly, AWS, or NGINX Load Balancer, sell WAFs that are based on ModSecurity. That way they position themselves as a one-stop shop for websites.

Grey Wizard is different. Our Intelligent WAF was designed from the beginning with the idea of implementing Machine Learning, A.I. and Heuristics, which allows for automatic protection against even unknown attacks. Please don’t get us wrong, we strongly believe Cloudflare delivers a very good CDN service. We often suggest that clients use their CDN and our WAF if their users are spread globally. This is, in our opinion, the best mix of security and performance.

Traditional WAF (signatures)
Stops known attacks (pre-defined)
Can’t stop unknown threats
Not prepared for Zero-Day
Requires regular manual work with rules.
Easy to bypass

Machine Learning + A.I. + Behavioural Analysis
Stops known attacks (pre-defined)
Stops even unknown threats
Prepared for Zero-Day threats with A.I.
No need for any manual work at any time.
Bypass resistant

Solution based on signatures vs A.I.

Traditional WAFs are based on signatures from ModSecurity or its alternatives. It means that only known attacks are stopped -> they are extremely easy to bypass.

Grey Wizard WAF is a hybrid solution that uses Machine Learning, A.I. and Behavioural Analysis. It checks 63 different metrics of user behaviour, and thanks to such a detailed inspection we can even detect attacks that are unknown to our system -> bypass resistant.

Manual Burden vs Everything automatised

Traditional WAFs require manual upkeep. To ensure that the WAF functions efficiently, some work has to be done on a daily basis: adding new rules, modifying the old ones, deleting the wrong ones and verifying those that lead to false positives. All that requires IT to remain vigilant.

Machine Learning is a very efficient technology that automates the whole process. The system is “learning” on an hourly basis, making sure you get the best ruleset possible.

Insights into incidents

Some generic WAFs (not all) don’t even give you detailed insight into blocked incidents.

Grey Wizard allows for detailed, live insight into all blocked incidents. Additionally, you get a 30-day history of all the incidents. We also allow you to export this data to any SIEM system.

API Protection

Traditional WAFs don’t protect APIs since they can’t analyze complicated API formats like REST/JSON/SOAP/XML.

Grey Wizard protects APIs by performing a deep inspection of each HTTP request (for example XML->JSON->Base64 etc.).
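
To illustrate what layered inspection of an XML->JSON->Base64 request involves, here is an added example (not Grey Wizard's code): it unwraps each layer and applies the same check at every level. The signature, the function names and the sample request are constructed for this illustration.

```python
import base64
import json
import re
import xml.etree.ElementTree as ET

# Toy signature, constructed for this example; it stands in for a real rule set.
SIGNATURE = re.compile(r"(?i)\bunion\s+select\b|<script\b")
MAX_DEPTH = 5  # bound the unwrapping so nested encodings cannot exhaust the inspector

def _strings(node, path):
    """Yield (path, value) for every string leaf of a parsed JSON document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from _strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _strings(value, f"{path}[{i}]")

def _unwrap(text):
    """Yield (label, inner_text) for each way `text` decodes one layer down."""
    s = text.strip()
    if not s:
        return
    try:
        if s.startswith("<"):
            # ElementTree keeps the example short; use a hardened XML parser on untrusted input.
            for el in ET.fromstring(s).iter():
                if el.text and el.text.strip():
                    yield f"xml:{el.tag}", el.text
        elif s.startswith(("{", "[")):
            yield from _strings(json.loads(s), "json")
        else:
            yield "base64", base64.b64decode(s, validate=True).decode("utf-8")
    except (ValueError, ET.ParseError):
        pass  # not this format: leave the layer as opaque text

def inspect(text, path="body", depth=0):
    """Return the path of every layer in which SIGNATURE matches."""
    hits = [path] if SIGNATURE.search(text) else []
    if depth < MAX_DEPTH:
        for label, inner in _unwrap(text):
            hits += inspect(inner, f"{path}>{label}", depth + 1)
    return hits

# Constructed sample: XML wrapping JSON wrapping a Base64-encoded field.
INNER = "1 UNION SELECT name FROM users"
SAMPLE = "<request><payload>%s</payload></request>" % json.dumps(
    {"filter": {"id": base64.b64encode(INNER.encode()).decode()}})
```

Matching the signature against the raw `SAMPLE` body finds nothing, while `inspect(SAMPLE)` reports the hit together with the path of layers it was found under.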

Individual Approach

The GW service itself can be largely adapted to the client’s needs. Our cybersecurity experts analyze clients’ traffic characteristics and apply special measures if needed.

